After a chrome and passbolt extension update - browsing to my self-hosted passbolt server shows a blank page with 2 x the following errors in the chrome console.
Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘sha256-’), or a nonce (‘nonce-…’) is required to enable inline execution.
Chrome 121.0.6167.161
Windows 10
Passbolt CE 4.5.0
Passbolt Extension 4.5.0
OK - these errors are not an issue with the new extension, it may be due to new security measures in chrome.
The cause was other services (newrelic and cloudflare) inserting inline scripts into the html
However, having gotten rid of those errors, I am still faced with a blank browser page when trying to view passbolt or recover account etc.
We have that problem too. It started on 02/08/2024 at 2PM. Only the Chrome browser is affected. We have also updated to version 4.5.0, but the error remains. What options are there to solve the problem?
We have users reporting issues with passbolt browser extension, when running passbolt under a directory (e.g. https://www.passbolt-domain.com/passbolt) the team is currently working on a hotfix.
Let us know if you issue is different by providing some additional information, such as the browser extension logs.
As Remy has announced, a solution is being finalized and is expected to be released today in the version 4.5.1 update of the browser extension.
Issue Overview This issue specifically affects instances operating within a subdirectory. It is limited to Chrome users only.
Temporary Solutions For those requiring immediate access to their passwords, two temporary solutions are available:
Thanks, your solution helps a lot.
The Chrome extension v4.5.1 was rolled out in production this morning and should solve this issue.
Well, unfortunately, I still am having this issue. I’ve confirmed I have version 4.5.2 Chrome extension.
My Chrome is Version 121.0.6167.161 (Official Build) (64-bit)
Problem:
I go to my passbolt webpage. It asks for email. I then click on my extension to activate it. I enter my credentials into the extension popup. I click Login. The login button just spins forever AND the passbolt page just goes blank. Checking dev tools, nothing but 200s for everything that loads, but it’s still a blank page.
The URL for my passbolt is like “https://passbolt.subdomain.domain.tld”
Is there a place where this gets logged out to that I can check for error messages?
Thanks!
Well that was quick! MERCI Cedric for helping me fix my issue.
My fix was to go to the settings of the extension and make sure “Site Access” was set to “On all sites”. Previously it was just “On click”.
Hi all,
I encounter exactly the same issue with server and chrome extension both using version 4.5.2 and URL is same as @BrianK with https://passbolt.subdomain.domain.ltd
Has anyone found a way to correct this issue ?
Regards
I am also getting this now on Firefox, tried clearing cookies etc. and no luck. 4.5.2, with passbolt.domain.tld.
Odd - disabling and enabling extension fixed it for me for the time being!
Got it. When you mentioned ‘getting this now’ in Firefox, did you mean the issue appeared itself without any direct intervention on your part? Apart from clearing cookies, did you modify any settings in the extensions or adjust anything specifically in about:preferences#privacy?
It’s interesting to hear that the classic ‘unplug and replug’ method seemed to work, but I’m keen to dig deeper into what might have caused this issue in the first place. Any additional details you can share about your experience or any steps you took would be really helpful!
In my case this happened after chrome update. I then went to a full chrome cleanup (cookies, cache, etc…) and a full server update (self hosted). From times to times it works and suddenly it stop working.